8aac7a146911070632a619ab5de4b90fe862423076217b3139558c134b658ad7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 23:38

Target

299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll
Size

16KB
MD5

299ecbf8a5ef2c0b87eeebccef7e6566
SHA1

a2a8e88e207c601db69850c2aceefed194613383
SHA256

8aac7a146911070632a619ab5de4b90fe862423076217b3139558c134b658ad7
SHA512

b7a22c3970597f3b4ae1009dd575e5d61898211dd554c1a0cddb334690a44e0980452df6bac76abc0beabb3d9a0a609d77b104584080678d9cc7f78aea26b464
SSDEEP

192:DI93J3YmENdhXfa1dLFk8OSKS3twSi2S+J+aWAcKzzhN0nlKvr2fIMmPzbWjFsE1:DITc8dBy3SdwSr5+MholFcKBn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 1352	4324	rundll32.exe	82
PID 4324 wrote to memory of 1352	4324	rundll32.exe	82
PID 4324 wrote to memory of 1352	4324	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#1
  2⤵
  PID:1352